We care about your privacy, just like we care about our own privacy. So on this page, we’re going to explain how things work on The Hidden Things, and how that affects your privacy.
As always: If you’ve got any questions, please don’t hesitate to get in touch with us!
On The Hidden Things, we share fun stuff, inspiration and food for thought, all related to the underlying structures which drive all areas of life. We might also offer services or products related to these topics. In order to do all that, we need to process some data:
Our server is hosted by a German company, and is physically located in a German data processing center. We have closed a data processing contract with the hosting provider according to German law, Art. 28 DSGVO.
What is personal data?
In simple terms: Personal data is information which is tied to your identity, i.e. to you as a person. This includes e.g. your real name, your address or your phone number.
Thus, non-personal data is all data which can not directly be connected with your identity. This includes statistical data like the most viewed articles on this site, or the number of visitors.
You can use a lot of stuff on The Hidden Things without us learning who you are. (Read on to learn which personal data might still be processed, though, and why.)
On the other hand, some things can only be used if you give us some of your personal data.
I mean, that’s pretty obvious, right? Without giving us your email address, it would be difficult for you to subscribe to our emails…
Still, it seems that we have to warn you about this, tell you that it’s completely optional, and also add the disclaimer that if you don’t give us that data, you won’t be able to use these things. Well. You’ve been told.
When you visit this website (like right now), some data is transferred to our webserver, in particular your IP address. This is technically necessary in order for you to even see this page in your browser.
For legal or security reasons, our hosting provider can store such information in their log files. We don’t have any access to the server log files.
To get statistical data about web site visits, we use the software Matomo. Matomo is open source, and all Matomo data is stored on our own web server. We use Matomo such that IP addresses are rendered anonymous. That means that before your IP address is used analyzed and stored, it is being shortened by the last two bytes. That makes it impossible to identify you by this shortened IP address.
If you leave a comment at any of our articles, your IP address is going to be stored for 60 days for security reasons. This is necessary so that we can take action against illegal content, offences etc. We might also use this information to fight spam on The Hidden Things.
If you subscribe to our email newsletter, we have to document that it really was you who subscribed. In order to do that, your IP address and the time/date of your subscription will be stored. The same applies if you close a contract with us, e.g. by buying a product, or ordering a consulting.
What are cookies?
Cookies are small text files which your browser stores on your computer in order to do its job. I.e. they are no malware, but just a tool that your browser uses. In particular, a stored cookie does not allow us to access any other data or files from your computer.
In particular, we do not use any weird stuff like flash cookies or cookie respawning. (Respawning means that cookies which you have deleted are being restored on your computer through technical tricks.) Apart from the fact that this is probably illegal, that kinda stuff just really freaks us out.
Cookies come in two variants: permanent and temporary.
Temporary cookies are being automatically deleted when you close your browser. Permanent cookies are being stored on your computer for a certain length of time even when you close your browser.
Also, there is a difference between “third party” cookies and “first party” cookies:
Third party cookies are being set by a third party. E.g. you visit a website which shows ads by an ad service, and that ad service (a third party, since it’s not their own website) is setting a cookie to track you on other websites as well. Or a video is shown, and the service which hosts that video set its own cookie. Or a Facebook button, or …
… but we’ll be getting to all that stuff below, and we’ll explain in detail how we handle it on The Hidden Things to protect your privacy.
Consequently, first party cookies are cookies by the website you’ve actually visited. Again, more about how we use that and why in a minute.
In your browser settings, you can change how and which cookies will be accepted. E.g. you can only accept temporary cookies, or have your browser delete all cookies each time you close it. How you use these settings is a trade-off between comfort and privacy, and there are website functions like shopping carts or membership areas which won’t work without cookies.
Note also that these settings are browser- and device-specific. If you use another device (e.g. your mobile instead of your computer), you need to adjust the settings. Same if you switch to a different browser.
- to make things easier and more comfortable for you
- to improve The Hidden Things
- because it’s technically necessary
If you’ve got an account on this website and you log into this account, a temporary cookie is set to check if your browser accepts cookies. This cookies does not contain any personal data, and will be deleted when you close your browser.
Also on login, cookies will be set to capture your login information (i.e. to let the system know that you’re logged in), and display options. Login cookies are deleted after two days, display option cookies after a year. If you checkmark the option “Remember me” on the login screen, your login information will be stored in cookies for two weeks. If you actively log out of your account (i.e. not just close your browser, but click the log out link), the login cookies will be deleted.
If you’re part of the team, and you’re editing or publishing an article, another cookie is stored in your browser. This cookie does not contain any personal data, it just refers to the id of the article in question. This cookie will be deleted after a day.
Cookies for statistical analysis
We use the software Matomo to collect statistical data about the website visitors on The Hidden Things. Matomo is an open source software which is hosted on our webserver.
Matomo uses temporary and permanent cookies. The permanent cookies allow for the statistical analysis of repeat visitors (like you, hopefully! 😉 ).
This analysis is very important for us. Through this, we learn e.g. which content is most interesting to our visitors, or how our visitors were referred to The Hidden Things.
This allows us e.g. to write more articles about popular topics, and thus to serve our audience (again, you!) better. With the information from Matomo, we can also find and correct mistakes, e.g. links which are leading into nowhere.
What’s of no interest to us at all is how a certain person (i.e. you, personally, in particular) is using this website, and what he or she is reading or doing.
(C’mon – while we know that you’re important and interesting and all that, we’re really not that interested in knowing whether you read the article on cats first, or the article on dogs. Seriously. We’ve got our own lives.)
So the Matomo cookies are not being analyzed on a per person basis, but only used for non-personal analysis and user stats.
However, if you really don’t want these cookies on your device, you’ve got several options:
- You could tell your browser not to accept any cookies by thehiddenthings.com. Since the process is slightly different for each browser, a quick internet search should teach you how to do that.
But as pointed out above, some stuff on The Hidden Things simply might not work without cookies.
- You could delete all cookies from The Hidden Things when you leave our website. That will also delete the Matomo statistical analysis cookies.
However, you’d have to repeat that deletion after each visit – or set your browser such that cookies from The Hidden Things are automatically deleted each time you close your browser.
- You could activate the “Do Not Track” function of your browser. That’ll tell Matomo to ignore your visit in the stats. Please check if and how that can be done for your particular browser.
- You can tell Matomo to set a so-called “Opt out” cookie.
Paradoxically, this function stores a specific cookie in your browser. When you visit The Hidden Things and Matomo finds this cookie, you won’t be tracked, and whatever you do will not be added to our stats.
Obviously, this will only work as long as this cookie is stored in your browser. I.e. if you delete this cookie, you will be tracked again!
You can set the opt-out cookie through the following checkbox – and if you click it again, you will remove the cookie and thus be added to our stats again.
Our email newsletters are being managed and sent via ConvertKit. We have closed a data processing contract with ConvertKit, and they are certified to the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks and subject all personal data from EU/EEA and Swiss individuals to the Privacy Shield Principles.
By using a specialized email provider, we’re making sure that our emails are being reliably sent, and that they are less likely to mistakenly get caught in a spam filter. Sending our email newsletters via our own webserver is not a suitable option.
If you want to subscribe to an email newsletter on The Hidden Things, we’ll need (surprise!) your valid email address.
For legal reasons, we need to make sure that it’s really you who is subscribing, and that you’re using your own email address.
In order to do that, we use the so-called double optin procedure. With double optin, we’ll send you an email right after your signup. You need to click on a link in that email to confirm your subscription. We also store time and date of your subscription, and your IP address for legal reasons (see above).
Any other data that we might ask for with regards to your newsletter signup is optional. We only use such additional data, e.g. your name or special interests, to address you a bit more personally, or to make sure we only send you the content which is of interest to you.
When you sign up for a newsletter, we also store the information through which form this signup happened. This info is only statistically relevant to us: If a lot of readers use a specific form, then that content is particularly important, and we can write more about that e.g. in our emails.
With your signup, you give us your consent to receive the requested email newsletters, and to process and store your data as explained. Your can revoke your consent by unsubscribing from our newsletters at any time. An unsubscription link is at the bottom of each newsletter email.
Note that you might still get other emails from us after unsubscribing, though: e.g. personal replies to emails you send us, or legally required emails when you purchase something from us.
The newsletter emails contain a tracking pixel (also called tracking bug, web bug or web beacon). This is a small (invisible) image file. When you open an email, this tracking pixel is being loaded from the servers of the mailing list provider.
When the tracking pixel is loaded, our mailing list provider receives technical information about your system, in particular your IP address.
The tracking pixel is only relevant to us for statistical evaluation, and we have a valid business interest in doing so. It’s important for us to know which emails get more or less opens, so that we can send our subscribers as a whole more of what interests them. This information is not used to spy on specific people – that would be creepy, and we’ve really got more important things to do… 😉
The links in our email newsletters are tracking links. That gives us statistical data about the number of times a link has been clicked. Again, we’ve got a valid interest in knowing which links are of importance to our readers overall.
If you send us any emails, they will be processed and stored on our mail server and on local devices.
Non-encrypted emails can be read by other people – never put confidential information into a non-encrypted email. That’s a bit like sending it on a postcard…
We use contact forms in some places, and you can use them to send us a note.
Obviously, we need the data in these forms to process your request. It will be stored on our webserver, and (depending on your request) potentially also on local devices. If we reply by email, the emails will be processed and stored as explained above.
Blog comments and user profiles
When you write a comment to one of our articles, this comment with all corresponding data will be stored infinitely. (Or, well, as long as The Hidden Things exists.)
This allows us to recognise future comments from you, and to publish them automatically. (Otherwise each of your comments would have to wait for moderation.) We use this way of dealing with comments to handle the inevitable spam.
If you register as a user on The Hidden Things, we will store the personal information which you add to your user profile. Each user can look at, change or delete their personal data at any time. (Note that the username can not be changed for technical reasons.) All website admins can also access and change this information.
Third-party services and content
We use services and content from third parties, e.g. Youtube videos. In order to display this content in your browser, your IP address and potentially other data might have to be submitted to the third party providers.
In the next few sections, we explain in detail what this means for you. The short version is this, though:
Wherever possible, we integrate third party services/content such that no data is transferred to the third party provider until you explicitly click on the third party element (the Youtube video, the Facebook share button, …). So it’s entirely up to you whether your IP address and other data is transferred to these provides.
Hosting videos locally (i.e. on our webserver) isn’t powerful enough, and some videos are only available to us through third party services.
Thus we use providers like YouTube to show you videos on The Hidden Things. Thereby, information of your browser and/or viewing device (computer, mobile phone, …) might be transferred to the provider, together with your IP address.
These providers might also set cookies in your browser (unless you’ve disabled third-party cookies altogether, see above).
However, we us a specific way of integrating YouTube videos which ensures that the videos are only being loaded from Youtube when you first click on the video. Thus, your data is also only transferred to Youtube when you click on the video.
Social buttons and social plugins
Usually, when a website integrates social buttons or plugins (e.g. a Facebook share or like button), some data is transferred straight to the providers of these services right when the website is being loaded in your browser.
But on The Hidden Things, we’re using a special technical solution to make sure that no data is transferred to social providers (like Facebook or Twitter) until you click on their button for the first time. So it’s totally up to you whether you want Facebook, Twitter etc to get any information about you or not!
In the next few sections, there is some specific info about certain providers, but please keep this background in mind: None of your data is being transferred to them until you click the respective button.
Facebook social plugins
We use social plugins by the social network facebook.com, which is a service of Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
These plugins can be interactive elements or content (e.g. videos, graphics or text) and can be recognised by one of the Facebook logos (white “f” on blue ground, the terms “like”, “share” a thumbs up image) or are indicated by the addition “Facebook Social Plugin”. A list of all Facebook Social Plugin elements and their appearance is shown here: https://developers.facebook.com/docs/plugins/
Facebook certified under the Privacy Shield Agreement and thus guarantees to meed EU privacy standards.
Only when you click on a Facebook plugin on The Hidden Things (e.g. a share or like button), your browser directly connects with Facebook’s servers. This means that Facebook can collect some data about you, your browser, … It’s possible to generate e.g. user profiles from this data.
We have no influence whatsoever over the kind of data that Facebook collects, and thus refer you directly to the relevant page at Facebook for current information.
Note that Facebook can collect and store information about you, in particular your IP address or an anonymized version of it, even if you don’t have a Facebook account, or are not logged into your Facebook account.
If you have a Facebook account and don’t want Facebook to collect data about you through The Hidden Things, and to combine this data with your stored user data, you can log out of your Facebook account and delete your cookies. In your Facebook profile, there are other privacy options which you can set.
And again: On The Hidden Things, all of this only applies to you if you click on a Facebook Like or Share button! Otherwise, no data will be transferred to Facebook.
We use elements by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. You can recognise them by terms like “Twitter” or “Follow”, in combination with a stylised blue bird. Through these elements, it’s possible to share content from The Hidden Things on Twitter, or to follow us on Twitter.
If you click on such an element, your browser connects directly to Twitter and thus Twitter might get, process and store information about you (but only then, see above – if you do not click on Twitter buttons or elements, Twitter will not get any data from you through The Hidden Things!).
If you’re a Twitter user, Twitter can connect this with your Twitter profile. Twitter is certified under the Privacy Shield Agreement and thus guarantees to follow EU privacy laws.
We use functionality and content of XING, provided by XING AG, Dammtorstraße 29-32, 20354 Hamburg, Germany. This could be content like images, videos or text, or buttons with which you can rate our content or connect with us on XING. If you’ve got a XING account, XING can connect your requests with your XING profile. You can find the XING Privacy Notice here.
Again, this is only relevant if you click on a XING element or button. Otherwise, no data will be transferred to XING.
We use functionality and content of LinkedIn, provided by LinkedIn Ireland Unlimited Company Wilton Place, Dublin 2, Ireland. This could be content like images, videos or text, or buttons with which you can rate our content or connect with us on LinkedIn. If you’ve got a LinkedIn account, LinkedIn can connect your requests with your LinkedIn profile.
Again, this is only relevant if you click on a LinkedIn element or button. Otherwise, no data will be transferred to LinkedIn.
LinkedIn is certified under the Privacy Shield Agreement and thus guarantees to follow EU privacy laws. You can find the LinkedIn Privacy Notice here, and an Opt-Out Option here.
In decent human connections, your rights should be pretty much self-evident… But to dot all the i’s and cross all the t’s, here we go again:
You can, at any time, request information about your data which we’ve stored. You can also ask for a correction or completion of your data if it’s wrong or incomplete.
You can ask us to delete your personal data. Data for tax or accounting purposes, and data which we’re legally required to store, can only be deleted once the relevant timeframes are over, or once we’re done with the required processing.
You can ask us to transfer your data to other people.
You can complain with the responsible supervisory authority.
You can at any time revoke your consent for data processing and storage which you’ve given to us, with effect for the future.
And you can, at any time, object to the future usage of your data, in particular with regards to direct marketing.
In simple terms translated, this means:
Get in touch with us if you have any questions, concerns, or if you need help regarding your data – we’ll be happy to help. If you’d like to have any data deleted, or if you don’t want us to use your data any longer, get in touch, too. We’ll be happy to do that (unless we need to store it e.g. for legal reasons). Of course, you still have the option to complain to the relevant authorities.
But as we said, in a decent human contact, all of this should be self-evident…
Responsible with regards to privacy is
Dr. Regine Becher
Phone: +49 (0)7248 / 926713
Get in touch if you have any questions!
Last updated: Jan 20th, 2020